1. 03 Jan, 2019 2 commits
  2. 31 Dec, 2018 3 commits
  3. 30 Dec, 2018 3 commits
  4. 18 Dec, 2018 3 commits
  5. 14 Dec, 2018 1 commit
    • all: Rework logging. · 05893598
      Vincent Pelletier authored
      Make tests almost completely silent by default, while still printing output
      generated during corresponding test on failure.
      Produce more somewhat-apache-like error logs, both from httpd and wsgi
      errors.
  6. 09 Nov, 2018 1 commit
  7. 05 Nov, 2018 1 commit
  8. 02 Nov, 2018 1 commit
  9. 19 Oct, 2018 4 commits
  10. 26 Sep, 2018 4 commits
    • all: More python3 adaptations. · 8ce08bf9
      Vincent Pelletier authored
      What was not picked up by 2to3.
    • all: Reduce differences with python3. · 7f9e56cf
      Vincent Pelletier authored
      Using only 2to3 conversions which are python2-compatible.
    • wsgi: Become web-friendly · 719959e0
      Vincent Pelletier authored
      Self-describe site structure in application/hal+json format.
      Add Cross-Origin Resource Sharing support: pre-flight request support,
      same-origin-only origin access control minimal html page. Access control
      decision is stored client-side in a signed & time-limited cookie
      supporting multiple concurrent origins. Origins may be pre-allowed (ex:
      when caucase GUI is served from a trusted server).
    • all: Make caucased https certificate independent from CAS. · 17325dc0
      Vincent Pelletier authored
      This is a step in the direction of being browser-friendly: if caucased
      https certificate is issued by CAS CA, then for a browser to trust that
      certificate it would have to trust all certificates emitted by CAS CA
      certificate. This would be very dangerous, as CAS CA does not constrain
      the certificates it may sign, so it exposes users of that caucased to
      rogue certificates.
      Alone, this step is insufficient, as the new internal "http_cas" does not
      constrain certificates yet. This will happen in a separate commit, to
      ease review and regression testing.
      As a consequence of this step, by default client will not check server
      certificate in https. This is consistent with how trust is bootstrapped
      with plain http: maybe client is accessing an unexpected/malicious
      caucased, but in such case issued certificates will be worthless to a
      party which could access the correct caucased. Also, the client
      certificate presented to caucased does not allow that caucased to fake
      being that user, so there is no privilege escalation possible for
      server.
  11. 21 Sep, 2018 3 commits
  12. 20 Sep, 2018 4 commits
  13. 22 Jul, 2018 3 commits
  14. 20 Jul, 2018 3 commits
  15. 14 Jul, 2018 3 commits
  16. 13 Jul, 2018 1 commit